[Text / Gaogong LED Xu Chaopeng] At the recent 2015 Las Vegas Black Hat Conference (BlackHat), researchers published a paper. The paper points to a flaw in the ZigBee protocol that hackers may use to compromise the ZigBee network to gain control of all connected devices within the network.
"This vulnerability is very serious because the security of the solution is completely dependent on the confidentiality of the network key. And, from our tests on smart bulbs, temperature sensors and door locks, the suppliers of these devices are only deployed at the lowest level. The number of required authentication features, there are no other options to improve the security level, thus providing great convenience to hackers," the researchers added.
.jpg)
It is reported that the defect involves multiple types of devices, hackers can use the ZigBee protocol device to leak, invade your smart home, freely control your networked door locks, alarm system, and even switch your light bulb. For a time, it has caused widespread concern in the industry.
At present, ZigBee (Zigbee Protocol) is based on the IEEE802.15.4 standard. As a low-cost, low-power, close-range wireless networking communication technology, ZigBee has been widely used in smart bulbs, smart door locks, motion sensors, and temperature. A large number of emerging IoT devices such as sensors have a high level of possession. Then, whether the facts are as described by the researchers at the Black Hat Conference mentioned above will lead to a “security crisis†for smart products, and Gaogong LED has also conducted its own investigation.
"We have noticed in this incident that the ZigBee technology vulnerability described in the Black Hat Conference is at the protocol level. If the key is not professional technical background and internal network authorization, it is difficult to invade." Jiang Hongfei, product director of Shunzhou Technology, said .
According to Jiang Hongfei, Zigbee is one of the most secure technologies in the wireless protocol. For the ZigBee protocol, there has not been a cracking precedent in the world.
High-tech LEDs learned that Zigbee's security comes from its systematic design, which uses AES encryption (advanced encryption system), which is 12 times more rigorous than bank card encryption technology. At the same time, Z-stack provides comprehensive coverage for Zigbee. Support, CC2530 hardware supports 128bit AES encryption algorithm, in order to avoid the interference of the same device in the protocol stack, and to prevent being monitored by other devices.
“Clearly speaking, AES is a new encryption algorithm that can be used to protect electronic data, using iterative, symmetric key grouping of ciphers, and encrypting and decrypting data with 128-bit (16-byte) packets. It uses A loop structure in which permutations and substitutions are repeated to ensure system security," said Jiang Hongfei.
Below, the high-tech LED also summarizes Zigbee's three major security mechanisms to improve data security:
1), internal structure safety;
ZigBee protocol In order to have a secure network, all device images must be created with the pre-processing security flag enabled, and a default password can be set. This default password can be pre-configured to each device on the network or only to the coordinator. And then distribute it to all devices that are on the network. Note that in future cases, this password will be distributed to every device that joins the network. Therefore, the period of joining the network becomes an "instantaneous weakness", but this is often done in ten milliseconds.
2) Strict network access control;
In a secure network, a device is notified of a trust center when it joins the network. The credit center has the option to allow the device to remain on the network or to deny access to the device. The trust center can determine whether a device is allowed to enter the network by any logical means. One of them is that the trust center only allows one device to be in a short period. Window time joins the network, which does not bypass the user's licensing process;
3), application data security;
The Trust Center can update the network password at its own discretion. The application developer modifies the update policy for the network password. The default trust center implementation can be used to conform to the developer's specified policy, and a policy will update the network password at regular intervals.
.jpg)
"In addition, Zigbee technology agreements of most domestic manufacturers, such as Xiaomi, Lenovo, Ou Ruibo, etc., are based on the modification of the alliance agreement to become their own proprietary agreement, so they are not interoperable with other Zigbee systems. Jiang Hongfei mentioned that based on the above considerations, he believes that the difficulty of hackers trying to enter the system is very large.
In fact, for high-end professional hackers, perhaps invading smart home devices has the potential to win, but for the average user, this thing can not be achieved. Besides, what is the significance of spending so much effort? Therefore, for the Zigbee security risks that broke out in the Black Hat Conference, we will relax our minds and do better quality "smart lighting" products!
Home Heater means for heating equipment. The heater can be divided into several types due to the different of heating principle, heating channels, thermal conductivity media and scope. Our factory produce and sale Gas Heater, electric heater, Kerosene Heater. The heater is easy to remove and heating, are widely used in homes and public places. Our gas heater use imported heat-resistant fire net, net life more than 10years; The heater use pure copper valve core, pure copper gas tube, pure copper spay nozzle, durable and no leakage; Our heater have dual heating function with flame control lever, heater and cooker 2 in 1; The heater use steel body, all steel thickness more than 0.6mm, sturdy and durable; The heater`s piezoelectric ignition switch, life can be over 30000 times.
1. imported heat-resistant fire net, net life more than 10years.
2. pure copper valve core, pure copper gas tube,pure copper spay nozzle, durable and no leakage, longer life more than 10 years.
3. dual heating function with flame control lever, heater and cooker 2 in 1, whole unit life more than 10 years.
4. moderately dry your room, purifying the environment, effectively inhibit the growth of bacteria.
5. steel body, all steel thickness more than 0.6mm, sturdy and durable.
6. exquisite outline, easy handhold design, portable anywhere at your disposal.
7. steel surface treatment by ECO electroplating technique to avoid steel rust.
8. piezoelectric ignition switch, life can be over 30000 times.
9. fire or gas can be turned up and down freely.
10. unbreakable, shock-resistant, sturdy, durable package to ensure product transit safety.
Home Heater
Home Heater, Electric Home Heaters, Portable Home Heaters, Home Gas Heaters
Ningbo APG Machine(appliance)Co.,Ltd , http://www.apgelectrical.com